Re: [syzbot] Re: [syzbot] [net?] [bpf?] general protection fault in __dev_flush

From: syzbot
Date: Wed Jul 24 2024 - 07:45:28 EST

Next message: syzbot: "Re: [syzbot] [bpf?] [net?] general protection fault in __cpu_map_flush"
Previous message: Md Sadre Alam: "[PATCH v7 4/8] mtd: nand: Add qpic_common API file"
In reply to: syzbot: "Re: [syzbot] Re: [syzbot] [net?] [bpf?] general protection fault in __dev_flush"
Next in thread: syzbot: "Re: [syzbot] Re: [syzbot] [net?] [bpf?] general protection fault in __dev_flush"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx.

***

Subject: Re: [syzbot] [net?] [bpf?] general protection fault in __dev_flush
Author: aha310510@xxxxxxxxx

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

---
drivers/net/tun.c | 7 -------
1 file changed, 7 deletions(-)

diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 9b24861464bc..9254bca2813d 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -1661,7 +1661,6 @@ static struct sk_buff *tun_build_skb(struct tun_struct *tun,
int len, int *skb_xdp)
{
struct page_frag *alloc_frag = &current->task_frag;
- struct bpf_net_context __bpf_net_ctx, *bpf_net_ctx;
struct bpf_prog *xdp_prog;
int buflen = SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
char *buf;
@@ -1701,7 +1700,6 @@ static struct sk_buff *tun_build_skb(struct tun_struct *tun,

local_bh_disable();
rcu_read_lock();
- bpf_net_ctx = bpf_net_ctx_set(&__bpf_net_ctx);
xdp_prog = rcu_dereference(tun->xdp_prog);
if (xdp_prog) {
struct xdp_buff xdp;
@@ -1730,14 +1728,12 @@ static struct sk_buff *tun_build_skb(struct tun_struct *tun,
pad = xdp.data - xdp.data_hard_start;
len = xdp.data_end - xdp.data;
}
- bpf_net_ctx_clear(bpf_net_ctx);
rcu_read_unlock();
local_bh_enable();

return __tun_build_skb(tfile, alloc_frag, buf, buflen, len, pad);

out:
- bpf_net_ctx_clear(bpf_net_ctx);
rcu_read_unlock();
local_bh_enable();
return NULL;
@@ -2570,7 +2566,6 @@ static int tun_sendmsg(struct socket *sock, struct msghdr *m, size_t total_len)

if (m->msg_controllen == sizeof(struct tun_msg_ctl) &&
ctl && ctl->type == TUN_MSG_PTR) {
- struct bpf_net_context __bpf_net_ctx, *bpf_net_ctx;
struct tun_page tpage;
int n = ctl->num;
int flush = 0, queued = 0;
@@ -2579,7 +2574,6 @@ static int tun_sendmsg(struct socket *sock, struct msghdr *m, size_t total_len)

local_bh_disable();
rcu_read_lock();
- bpf_net_ctx = bpf_net_ctx_set(&__bpf_net_ctx);

for (i = 0; i < n; i++) {
xdp = &((struct xdp_buff *)ctl->ptr)[i];
@@ -2594,7 +2588,6 @@ static int tun_sendmsg(struct socket *sock, struct msghdr *m, size_t total_len)
if (tfile->napi_enabled && queued > 0)
napi_schedule(&tfile->napi);

- bpf_net_ctx_clear(bpf_net_ctx);
rcu_read_unlock();
local_bh_enable();

--

Next message: syzbot: "Re: [syzbot] [bpf?] [net?] general protection fault in __cpu_map_flush"
Previous message: Md Sadre Alam: "[PATCH v7 4/8] mtd: nand: Add qpic_common API file"
In reply to: syzbot: "Re: [syzbot] Re: [syzbot] [net?] [bpf?] general protection fault in __dev_flush"
Next in thread: syzbot: "Re: [syzbot] Re: [syzbot] [net?] [bpf?] general protection fault in __dev_flush"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]